Home Depot announced yesterday that its security breach, which went undetected for five months beginning in April, may have compromised 56 million cards. This would make Home Depot's attack larger than Target's, in which case 40 million cards were affected.
Independent security analyst Brian Krebs broke news of the breach on September 2, and the company confirmed the reports on September 8.
Security experts previously hypothesized that the same malware used in this incident was also to blame for the Target hacks. However, Home Depot reported that its investigation found "unique, custom-built malware" in the invaded systems. All malware has now been fully eradicated from the Home Depot point of sale terminals.
Consumers have criticized the company for failing to scan its systems after the Secret Service and Department of Homeland Security issued their malware warning in July. More recently, these organizations have estimated that 1,000 U.S. businesses have been affected by security breaches.
"We apologize for the frustration and inconvenience this breach may have caused," Home Depot said in a statement on its website. "We also want to emphasize that you will not be liable for any fraudulent charges to your accounts, and we're offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on."
Home Depot began fully encrypting its payment systems in January and the project has just been completed. It is also in the process of transitioning to EMV payment methods to meet next year's October PCI deadline.
The Wall Street Journal reported that the company expects to spend $62 million for all the identity monitoring services and call centers related to the breach.
Make sure you're protected by updating your credit card processing software. In cases of retail security and data theft, prevention is always less costly than compensation.